From: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Date: Tue, 6 Aug 2024 16:10:13 +0000 (+0200)
Subject: ikev2: fix BN_bn2bin re-allocation
X-Git-Tag: v25.02-rc0~83
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=fa7b7a41e7ca9400dda2266a10dd9179be40c128;p=vpp.git

ikev2: fix BN_bn2bin re-allocation

the former code was re-allocating the vector when padding takes place.
it's not necessary since we have the correct size. also, it caused
issues since upper layer doesn't know about re-allocation and it caused
crash. with this patch many test-cases are enabled again.

Type: fix

Change-Id: Idf0b320101670ec64d62e9aac6399cc7c54c996f
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
---

diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 3d4ad0a28ed..58167e2322e 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
@@ -481,15 +481,14 @@ ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
 int
 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
 {
-  int r = BN_bn2bin (a, to);
+  int r = BN_num_bytes (a);
   ASSERT (tolen >= r);
   int pad = tolen - r;
   if (pad)
     {
-      vec_insert (to, pad, 0);
       clib_memset (to, 0, pad);
-      vec_dec_len (to, pad);
     }
+  BN_bn2bin (a, to + pad);
   return tolen;
 }
 #endif
diff --git a/test/test_ikev2.py b/test/test_ikev2.py
index b93e7805363..be14df10203 100644
--- a/test/test_ikev2.py
+++ b/test/test_ikev2.py
@@ -23,8 +23,6 @@ from scapy.utils import long_converter
 from framework import VppTestCase
 from asfframework import (
     tag_fixme_vpp_workers,
-    tag_fixme_ubuntu2204,
-    tag_fixme_debian11,
     is_distro_ubuntu2204,
     is_distro_debian11,
     VppTestRunner,
@@ -2036,7 +2034,6 @@ class TestResponderBehindNAT(TemplateResponder, Ikev2Params):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorNATT(TemplateInitiator, Ikev2Params):
     """test ikev2 initiator - NAT traversal (intitiator behind NAT)"""
 
@@ -2069,7 +2066,6 @@ class TestInitiatorNATT(TemplateInitiator, Ikev2Params):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorPsk(TemplateInitiator, Ikev2Params):
     """test ikev2 initiator - pre shared key auth"""
 
@@ -2101,7 +2097,6 @@ class TestInitiatorPsk(TemplateInitiator, Ikev2Params):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorRequestWindowSize(TestInitiatorPsk):
     """test initiator - request window size (1)"""
 
@@ -2151,7 +2146,6 @@ class TestInitiatorRequestWindowSize(TestInitiatorPsk):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorRekey(TestInitiatorPsk):
     """test ikev2 initiator - rekey"""
 
@@ -2197,7 +2191,6 @@ class TestInitiatorRekey(TestInitiatorPsk):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorDelSAFromResponder(TemplateInitiator, Ikev2Params):
     """test ikev2 initiator - delete IKE SA from responder"""
 
@@ -2407,8 +2400,6 @@ class TestResponderRekeySA(TestResponderPsk):
         self.verify_ike_sas()
 
 
-@tag_fixme_ubuntu2204
-@tag_fixme_debian11
 class TestResponderVrf(TestResponderPsk, Ikev2Params):
     """test ikev2 responder - non-default table id"""
 
@@ -2528,7 +2519,6 @@ class Test_IKE_AES_GCM_16_256(TemplateResponder, Ikev2Params):
 
 
 @tag_fixme_vpp_workers
-@tag_fixme_ubuntu2204
 class TestInitiatorKeepaliveMsg(TestInitiatorPsk):
     """
     Test for keep alive messages